Ejemplo n.º 1
0
  /**
   * Generates an authorisation header in response to wwwAuthHeader.
   *
   * @param method method of the request being authenticated
   * @param uri digest-uri
   * @param requestBody the body of the request.
   * @param authHeader the challenge that we should respond to
   * @param username
   * @param password
   * @return an authorisation header in response to authHeader.
   * @throws OperationFailedException if auth header was malformated.
   */
  public static AuthorizationHeader getAuthorizationHeader(
      String method,
      String uri,
      String requestBody,
      WWWAuthenticateHeader authHeader,
      String username,
      String password) {
    String response = null;
    HeaderFactory headerFactory = SipFactories.headerFactory;

    // JvB: authHeader.getQop() is a quoted _list_ of qop values
    // (e.g. "auth,auth-int") Client is supposed to pick one
    String qopList = authHeader.getQop();
    String qop = (qopList != null) ? "auth" : null;
    String nc_value = "00000001";
    String cnonce = "xyz";

    try {
      response =
          MessageDigestResponseAlgorithm.calculateResponse(
              authHeader.getAlgorithm(),
              username,
              authHeader.getRealm(),
              password,
              authHeader.getNonce(),
              nc_value, // JvB added
              cnonce, // JvB added
              method,
              uri,
              requestBody,
              qop); // jvb changed
    } catch (NullPointerException exc) {
      throw new IllegalStateException("The authenticate header was malformatted", exc);
    }

    AuthorizationHeader authorization = null;
    try {
      if (authHeader instanceof ProxyAuthenticateHeader) {
        authorization = headerFactory.createProxyAuthorizationHeader(authHeader.getScheme());
      } else {
        authorization = headerFactory.createAuthorizationHeader(authHeader.getScheme());
      }

      authorization.setUsername(username);
      authorization.setRealm(authHeader.getRealm());
      authorization.setNonce(authHeader.getNonce());
      authorization.setParameter("uri", uri);
      authorization.setResponse(response);
      if (authHeader.getAlgorithm() != null) {
        authorization.setAlgorithm(authHeader.getAlgorithm());
      }

      if (authHeader.getOpaque() != null && authHeader.getOpaque().length() > 0) {
        authorization.setOpaque(authHeader.getOpaque());
      }

      // jvb added
      if (qop != null) {
        authorization.setQop(qop);
        authorization.setCNonce(cnonce);
        authorization.setNonceCount(Integer.parseInt(nc_value));
      }

      authorization.setResponse(response);

    } catch (ParseException ex) {
      throw new SecurityException("Failed to create an authorization header!");
    }

    return authorization;
  }
  /**
   * Generates an authorisation header in response to wwwAuthHeader.
   *
   * @param method method of the request being authenticated
   * @param uri digest-uri
   * @param requestBody the body of the request.
   * @param authHeader the challenge that we should respond to
   * @param userCredentials username and pass
   * @return an authorisation header in response to authHeader.
   * @throws OperationFailedException if auth header was malformated.
   */
  private AuthorizationHeader getAuthorization(
      String method,
      String uri,
      String requestBody,
      WWWAuthenticateHeader authHeader,
      UserCredentialHash userCredentials) {
    String response = null;

    // JvB: authHeader.getQop() is a quoted _list_ of qop values
    // (e.g. "auth,auth-int") Client is supposed to pick one
    String qopList = authHeader.getQop();
    String qop = (qopList != null) ? "auth" : null;
    String nc_value = "00000001";
    String cnonce = "xyz";

    response =
        MessageDigestAlgorithm.calculateResponse(
            authHeader.getAlgorithm(),
            userCredentials.getHashUserDomainPassword(),
            authHeader.getNonce(),
            nc_value, // JvB added
            cnonce, // JvB added
            method,
            uri,
            requestBody,
            qop,
            sipStack.getStackLogger()); // jvb changed

    AuthorizationHeader authorization = null;
    try {
      if (authHeader instanceof ProxyAuthenticateHeader) {
        authorization = headerFactory.createProxyAuthorizationHeader(authHeader.getScheme());
      } else {
        authorization = headerFactory.createAuthorizationHeader(authHeader.getScheme());
      }

      authorization.setUsername(userCredentials.getUserName());
      authorization.setRealm(authHeader.getRealm());
      authorization.setNonce(authHeader.getNonce());
      authorization.setParameter("uri", uri);
      authorization.setResponse(response);
      if (authHeader.getAlgorithm() != null) {
        authorization.setAlgorithm(authHeader.getAlgorithm());
      }

      if (authHeader.getOpaque() != null) {
        authorization.setOpaque(authHeader.getOpaque());
      }

      // jvb added
      if (qop != null) {
        authorization.setQop(qop);
        authorization.setCNonce(cnonce);
        authorization.setNonceCount(Integer.parseInt(nc_value));
      }

      authorization.setResponse(response);

    } catch (ParseException ex) {
      throw new RuntimeException("Failed to create an authorization header!");
    }

    return authorization;
  }